This tool checks every maintainer from every package in the NPM and Python Pypi registry for unregistered domains or unregistered MX records on those domains. If a domain is unregistered you can grab the domain and initiate a password reset on the account if it has no 2 factor auth enabled. This enables you to hijack a package and do whatever you want with it.
GitHub - firefart/hijagger: Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration
Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration - GitHub - firefart/hijagger: Checks all maintainers of all NPM and Pypi packages for hija...
github.com
